Computer Security Blog

What follows are some of the blog posts I originally wrote while employed by Computer Associates (CA Inc.) as a lead cyber analyst on the CA Anti-Spyware product.  The technology was originally created by PestPatrol Anti-Spyware, where I had previously been employed and was hired as the first research engineer by company co-founder David Stang.  CA has since sold the technology (first as a technology sharing arrangement with outsourcer HCL and then sold outright to Total Defense), so the original publication links no longer work and that is why I am re-posting the writings here.

A number of my writings and research shed light on important spyware and privacy incidents and were republished, referenced and quoted in hundreds of print and online publications like Business Week, Computer World, CNet, Slashdot, New York Times, Washington Post, and Cornell University, to name just a few.  See my Media Coverage page for more.  Also, State and Federal agencies picked up my research.

One piece of my research uncovered the use of highly invasive spyware by Sears Holdings Corp – which involved surreptitiously installing the spyware and monitoring virtually all data flowing to and from the infected computer, including banking login credentials, browsing habits, etc., all in the name of “enhanced customer experience”.  This research set off, rightfully so, a firestorm of criticism against Sears.  Besides triggering a backlash from customers, the general public and the InfoSec community, the FTC stepped in, as well as a number of lawyers with class action lawsuits.  The FTC and Sears eventually settled and Sears agreed to reverse course and get out of the spyware business (for more information, Google: ftc+sears+spyware).  My first blog post is what got the ball rolling and includes some of my initial research findings.  Subsequent posts entail my very public conversation, in the form of written responses, with the then CEO who oversaw the spyware program, Rob Harles:

  1. Sears.com: Join the Community – Get Spyware
  2. Sears Update: Privacy Policy, Scorecard, and Genetic Heritage
  3. Sears Update: Response to Rob Harles, VP SHC Community
  4. 2nd Response to Rob Harles, VP of Sears’ SHC Community

See my Media Coverage page for some of the press this writing received, or, for a more exhaustive listing, use Google to search for the terms Benjamin+Googins+sears+spyware.  Here are a few: 1, 2, 3, 4, 5.

Another example of my research and writing that was well received was this piece titled Robbery, is your data prepared?.  The main point of the article revolved around properly backing up data, in the case of robbery, natural disaster, etc.  BusinessWeek Euro reached out and republished the piece, with minor edits, in a European version of the print magazine, as well as a number of other print sources.  The content is outdated for today’s use, but many of the concepts still apply.

“Robbery, is your data prepared” – republished in BusinessWeek (1/3 pages).

My work, in conjunction with my esteemed colleague, on Facebook’s use of Beacon technologies also garnered a lot of attention and led to changes at Facebook as well as helping set an industry-wide precedent.  The essence of my concern focused on Facebook using cross-site scripting to transfer user information between Facebook servers and partner sites, including user credentials in plain text.  The Internet lit up.  After multiple conference calls with Facebook engineers, their privacy officer and my colleague, Facebook eventually changed their use of Beacon technology.

  1. Facebook SocialAds – Going Too Far?
  2. Follow-up: Facebook’s Response
  3. Facebook’s Beacon is Improved, But Remains a Threat

Here is a partial list of my blog postings over a period of about 1 year:

  1. Facebook: “Who is checking my profile” application deceitful and privacy invasion
  2. Comcast ‘Constant Guard’: Popup and Email Creating Insecurity?
  3. Yahoo Chat and Mobile: More Spam, Stolen Email addresses
  4. Conficker April 1st FAQ
  5. President-elect Barack Obama Fake Website: pushing malware
  6. Unabated Fraud – Spyware Guard 2008
  7. Urgent: Microsoft out-of-band security update for Internet Explorer
  8. Identifying and Removing AntiVirus 2009 and Rootkit
  9. Caution When Using PUBLIC COMPUTERS
  10. FTC takes down RemoteSpy keylogger: What Now?
  11. Emerging Threat: AntiVirus 2009
  12. Persistent Malware: Microsoft’s System Restore feature
  13. 2nd Response to Rob Harles, VP of Sears’ SHC Community
  14. Sears Update: Response to Rob Harles, VP SHC Community
  15. Sears Update: Privacy Policy, Scorecard, and Genetic Heritage
  16. Sears.com: Join the Community – Get Spyware
  17. Facebook’s Beacon is Improved, But Remains a Threat
  18. Follow-up: Facebook’s Response
  19. Facebook SocialAds – Going Too Far?
  20. The High Cost of Free MP3s
  21. Robbery, is your data prepared?
  22. Acer Releases Patch for LunchApp.ocx vulnerability
  23. Would Acer spy on you?
  24. Beware: Imitation CA security products and websites

By: Benjamin Googins

Benjamin Googins is a senior engineer working on CA’s Anti-Spyware product. His primary functions include analyzing spyware and privacy breaches, fielding press inquiries, blogging and drafting documents. He has been a significant contributor to the User Permission document, Spyware Scorecard, Threat…
